Pen Test Partners

Discord as a C2 and the cached evidence left behind

TL;DR Why Discord appeals to attackers Discord has become an attractive tool for attackers not because it’s malicious, but ...
Infosecurity Magazine

Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...

New NPM attack: Self-replicating malware infects dozens of packages

It is possible that the attackers behind this attack are the same ones as last time. Their malicious code bears the name of a prominent science fiction monster.
Arabian Post on MSN

AI-Powered Login Attack Framework Raises Stakes

BruteForceAI accelerates credential testing by automating form discovery and attack workflows with human‑like finesse. Security teams and penetration testers now gain a powerful tool that merges ...